NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nats.deno | Linuxfoundation | * | 1.0.0-9 (excluding) |
Nats.js | Linuxfoundation | * | 2.0.0-209 (excluding) |
Nats.ws | Linuxfoundation | * | 1.0.0-111 (excluding) |